This course focuses on how to design and build secure systems with a human-centric focus. We will look at basic principles of human-computer interaction, and apply these insights to the design of secure systems with the goal of developing security measures that respect human performance and users' goals within a system.
Fundamentals of Human-Computer Interaction: users, usability, tasks, and cognitive models
Design: design methodology, prototyping, cybersecurity case study
Evaluation: usability studies, A/B testing, quantitative and qualitative evaluation, cybersecurity case study
Strategies for Secure Interaction Design: authority, guidelines for interface design
Aslam Karachiwala completed this course, spending 4 hours a week on it and found the course difficulty to be very easy.
The following is the review I posted on Coursera.
This was an extremely elementary and thus disappointing course. While the importance of "Usability" was rightly emphasized, the representation in terms of examples, case studies, etc. was simplistic. I appreciated having my attention drawn to the pitfalls of HCI design and the consequent failure of the corresponding systems. However, the solutions were presented as if: 1.) there are always "correct" interface/usability choices; 2.) the "correct" choice is all that's needed for the system to be optimally functional; and 3.) there is never a tension between usability and effective functioning of a system (that can't be resolved with correcting the usability).
It is irresponsible to suggest, for example, that a user selected memorable password is generally adequately secure without also covering ways that an interface can guide/nudge the user to create a secure password. Wide recognition of the importance of this may be more recent than the studies covered in the course. There is nothing wrong with studying old, seminal research, even in this age of "Internet time," but I wish I wasn't left wondering what, if any, developments had occurred in the decade or so since that research took place.
As for tension between usability and security, it absolutely exists. For instance, PGP encryption is a reliable way to secure information, yet making it usable remains a challenge. This is not even mentioned in the entire course. In fact, this course would leave an otherwise uninformed student believing that there are usability solutions waiting to be applied to every cause of info insecurity if the techies would just look. I wish the course had at least acknowledged that there are cases where a slight compromise on usability might be necessary for the sake of appropriate security.
Lastly, for those designing an HCI for security, it is important to understand threat models. This concept is also missing from the course.
I reviewed this course (above) immediately after I finished it. I am now in the 3rd week of Software Security, the 2nd course in the Cybersecurity specialization, and am realizing that 2 stars was a generous assessment. Based on the prerequisites of the Software Security course, the Usable Security course, in its current form, is too elementary to be appropriate for people who have the experience/knowledge required for the rest of the courses in this specialization. As I explained above, the course relies heavily on decade-old research but does not cover any developments since. For instance, the usability issues covered in the studies are for ancient versions of browsers with no discussion of how the browsers and our infosec vulnerabilities have changed since those studies were published. Another example is the instructor's eschewing of password managers while many knowledgeable folks in the infosec community today recommend their use. The usability challenges of password managers and a discussion of how they might be mitigated would have been more appropriate.
Thomas D completed this course, spending 2 hours a week on it and found the course difficulty to be very easy.
I took this course at the same time as "Software Security". I really enjoyed Software Security, but Usable Security was horrible. The instructor is a really bad teacher, and she doesn't seem to know anything about computer science, she is just a psychologist. The videos are poorly made (most of the course is not even prepared and they are just 3 people openly discussing something). The slides are useless (just some photos and 2-3 words per slide, and there are a lot of courses which don't even have any slides). The quizzes are useless, you could answer them without even looking at the course. The questions of the final exam do not have a clear answer (for instance: they think that a password with 8 random characters is hard to crack, but it would take only a few days with a brute force attack, and also they think that a user-chosen 8-character password is more secure than a random one, which is wrong in my opinion). A lot of questions could be either true or false depending on the context and there is no formality in this course. I would not recommend it at all, but I took it as part of the cybersecurity specialization. Thankfully, the Software Security course was really amazing.
Anonymous completed this course.
This course looks into security from a different perspective, one that developers or the people enforcing security policies on companies many times fail to see. It is not a technical course but will help you think more about the human factor that can break the same security policies you are trying to enforce and perceive things from the user perspective. Many people with a security background would probably be able to answer the quizzes without taking the course or studying much, but overall I think it is good to have and encourage conversations like this openly. It is true that many times there is a disconnect between the users and the developers, and it is important to be aware of this and do what we can to close the gap.
Butch Landingin is taking this course right now, spending 3 hours a week on it and found the course difficulty to be easy.
While some students complained if this was really a security related course because it dealt primarily with the "human factors", I think it offered me a fresh perspective on security as not just about threats and malicious behavior, but also how legitimate users themselves compromise security (e.g. phishing) if the software developers do not consider the security requirements early in their design. It's fairly easy and highly relevant even for non-programmers such as UI designers and testers.
I understand that taking it as a part of Cybersec Specialization can seem like a wrong idea if you are into technology, but you actually need to understand user psychology to effectively defend the user.
Patrick E. completed this course, spending 4 hours a week on it and found the course difficulty to be easy.
This course is interesting for people who are interested in human-computer interaction and usability aspects of security. However, I was a bit disappointed with the level of depth of the course. Also, there were a few errors in the course materials and there was no answer from course staff after asking about it in the forums.